Tighten sandbox by constraining capabilities
We only need the CAP_NET_ADMIN capability for the udev netlink socket
manipulations. All other capabilities can be dropped, reducing the
damage that can be done.

Thanks to Richard Maciel Costa <rcosta@redhat.com> for his help on
this.
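As an added example, not code from this commit or its project: a minimal Linux routine that keeps only CAP_NET_ADMIN by pruning the bounding set and then calling the raw capset syscall, plus a check a supervisor or test can use to confirm the reduction. It assumes the caller still holds CAP_SETPCAP (needed for PR_CAPBSET_DROP) and the hypothetical function names are mine.

```c
/* Added example: restrict a process to CAP_NET_ADMIN only (Linux, no libcap). */
#include <errno.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#define CAP_WORDS _LINUX_CAPABILITY_U32S_3 /* two 32-bit words cover CAP_LAST_CAP */

/* Fill the capset payload so that exactly `cap` is permitted and effective.
 * Pure function: can be verified without any privilege. */
void build_single_cap(int cap, struct __user_cap_data_struct data[CAP_WORDS]) {
    memset(data, 0, sizeof(struct __user_cap_data_struct) * CAP_WORDS);
    data[cap / 32].permitted = 1u << (cap % 32);
    data[cap / 32].effective = 1u << (cap % 32);
    /* inheritable stays empty: nothing we exec afterwards should receive it */
}

/* Defender-side check: does the payload grant `cap` and nothing else? */
int has_only_cap(const struct __user_cap_data_struct data[CAP_WORDS], int cap) {
    for (int w = 0; w < CAP_WORDS; w++) {
        unsigned want = (w == cap / 32) ? 1u << (cap % 32) : 0u;
        if (data[w].permitted != want || data[w].effective != want ||
            data[w].inheritable != 0)
            return 0;
    }
    return 1;
}

/* Drop every capability except `keep` from the bounding set, then from the
 * thread's permitted/effective sets. Requires CAP_SETPCAP; returns 0 on success. */
int restrict_to_cap(int keep) {
    for (int cap = 0; cap <= CAP_LAST_CAP; cap++) {
        if (cap == keep) continue;
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) == -1 && errno != EINVAL)
            return -1; /* EINVAL: capability unknown to this kernel, skip it */
    }
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[CAP_WORDS];
    build_single_cap(keep, data);
    return syscall(SYS_capset, &hdr, data) == -1 ? -1 : 0;
}

/* PR_CAPBSET_READ needs no privilege: 1 if `cap` is still in the bounding set. */
int cap_in_bounding_set(int cap) { return prctl(PR_CAPBSET_READ, cap, 0, 0, 0); }

int main(void) {
    if (restrict_to_cap(CAP_NET_ADMIN) != 0) { perror("restrict_to_cap"); return 1; }
    printf("NET_ADMIN=%d SYS_ADMIN=%d\n", cap_in_bounding_set(CAP_NET_ADMIN),
           cap_in_bounding_set(CAP_SYS_ADMIN));
    return 0;
}
```

Run it as root (or with CAP_SETPCAP) to see the bounding set shrink; the printed line should then show SYS_ADMIN=0 while NET_ADMIN survives.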